package com.yjz.security.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

//@Configuration
//@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
           http.authorizeRequests()
                   .anyRequest()
                   .permitAll() //允许所有请求通过
                   .and()
                   .csrf()
                   .disable()  // 禁用spring security自带的跨域处理
                   .sessionManagement() //定义自己的session 策略
                   // 调整为让 Spring Security 不创建和使用 session
                   .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }
}
